Kendiv's Box - 深入探索Windows系统http://blog.csdn.net/kendiv/category/88780.aspx有关Windows系统内核的文章、对Windows系统机制的剖析及其相关应用zh-CNFri, 04 Apr 2008 02:04:17 GMT60Kendiv优先级反转+解决方案http://blog.csdn.net/kendiv/archive/2007/09/18/1788966.aspxTue, 18 Sep 2007 01:33:00 GMThttp://blog.csdn.net/kendiv/archive/2007/09/18/1788966.aspxhttp://blog.csdn.net/kendiv/comments/1788966.aspxhttp://blog.csdn.net/kendiv/archive/2007/09/18/1788966.aspx#Feedback0http://blog.csdn.net/kendiv/comments/commentRss/1788966.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1788966简要介绍了什么是优先级反转,产生的原因及其解决方案。<img src ="http://blog.csdn.net/kendiv/aggbug/1788966.aspx" width = "1" height = "1" />KendivWindows内核调试器原理浅析http://blog.csdn.net/kendiv/archive/2007/05/01/1594180.aspxTue, 01 May 2007 15:07:00 GMThttp://blog.csdn.net/kendiv/archive/2007/05/01/1594180.aspxhttp://blog.csdn.net/kendiv/comments/1594180.aspxhttp://blog.csdn.net/kendiv/archive/2007/05/01/1594180.aspx#Feedback0http://blog.csdn.net/kendiv/comments/commentRss/1594180.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1594180简单分析了WinDBG,并于SoftICE进行了对比。<img src ="http://blog.csdn.net/kendiv/aggbug/1594180.aspx" width = "1" height = "1" />Kendiv(转载)绕过Copy-On-Write机制安装全局Hookhttp://blog.csdn.net/kendiv/archive/2005/10/26/517233.aspxWed, 26 Oct 2005 21:53:00 GMThttp://blog.csdn.net/kendiv/archive/2005/10/26/517233.aspxhttp://blog.csdn.net/kendiv/comments/517233.aspxhttp://blog.csdn.net/kendiv/archive/2005/10/26/517233.aspx#Feedback2http://blog.csdn.net/kendiv/comments/commentRss/517233.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=517233绕过Copy-On-Write机制安装全局Hook <img src ="http://blog.csdn.net/kendiv/aggbug/517233.aspx" width = "1" height = "1" />Kendiv(转载)Raising The Bar For Windows Rootkit Detectionhttp://blog.csdn.net/kendiv/archive/2005/08/29/467720.aspxMon, 29 Aug 2005 21:43:00 GMThttp://blog.csdn.net/kendiv/archive/2005/08/29/467720.aspxhttp://blog.csdn.net/kendiv/comments/467720.aspxhttp://blog.csdn.net/kendiv/archive/2005/08/29/467720.aspx#Feedback1http://blog.csdn.net/kendiv/comments/commentRss/467720.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=467720讨论Windows下内核级Rootkit的检测技术及其原理,以Shadow Walker工具为例。本文中分析内存的部分很具有价值。<img src ="http://blog.csdn.net/kendiv/aggbug/467720.aspx" width = "1" height = "1" />Kendiv(转载)检测并禁用隐藏服务http://blog.csdn.net/kendiv/archive/2005/05/31/384663.aspxTue, 31 May 2005 07:28:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/31/384663.aspxhttp://blog.csdn.net/kendiv/comments/384663.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/31/384663.aspx#Feedback0http://blog.csdn.net/kendiv/comments/commentRss/384663.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=384663检测并禁用隐藏服务<img src ="http://blog.csdn.net/kendiv/aggbug/384663.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第一章(补充:PDB格式)(4)http://blog.csdn.net/kendiv/archive/2005/05/25/380950.aspxWed, 25 May 2005 23:37:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/25/380950.aspxhttp://blog.csdn.net/kendiv/comments/380950.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/25/380950.aspx#Feedback41http://blog.csdn.net/kendiv/comments/commentRss/380950.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=380950讨论微软的.pdb和.dbg符号文件的内部格式,并给出了可解析这两种格式的示例程序<img src ="http://blog.csdn.net/kendiv/aggbug/380950.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第七章(4)http://blog.csdn.net/kendiv/archive/2005/05/23/379245.aspxMon, 23 May 2005 23:44:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/23/379245.aspxhttp://blog.csdn.net/kendiv/comments/379245.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/23/379245.aspx#Feedback8http://blog.csdn.net/kendiv/comments/commentRss/379245.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=379245Windows 2000的对象管理<img src ="http://blog.csdn.net/kendiv/aggbug/379245.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第七章(3)http://blog.csdn.net/kendiv/archive/2005/05/22/378395.aspxSun, 22 May 2005 23:04:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/22/378395.aspxhttp://blog.csdn.net/kendiv/comments/378395.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/22/378395.aspx#Feedback1http://blog.csdn.net/kendiv/comments/commentRss/378395.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=378395Windows 2000的对象管理<img src ="http://blog.csdn.net/kendiv/aggbug/378395.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第七章(2)http://blog.csdn.net/kendiv/archive/2005/05/22/377947.aspxSun, 22 May 2005 01:32:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/22/377947.aspxhttp://blog.csdn.net/kendiv/comments/377947.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/22/377947.aspx#Feedback0http://blog.csdn.net/kendiv/comments/commentRss/377947.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=377947Windows 2000的对象管理<img src ="http://blog.csdn.net/kendiv/aggbug/377947.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第一章(补充:PDB格式)(3)http://blog.csdn.net/kendiv/archive/2005/05/21/377309.aspxSat, 21 May 2005 04:43:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/21/377309.aspxhttp://blog.csdn.net/kendiv/comments/377309.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/21/377309.aspx#Feedback0http://blog.csdn.net/kendiv/comments/commentRss/377309.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=377309讨论微软的.pdb和.dbg符号文件的内部格式,并给出了可解析这两种格式的示例程序。<img src ="http://blog.csdn.net/kendiv/aggbug/377309.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第一章(补充:PDB格式)(2)http://blog.csdn.net/kendiv/archive/2005/05/21/377308.aspxSat, 21 May 2005 04:40:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/21/377308.aspxhttp://blog.csdn.net/kendiv/comments/377308.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/21/377308.aspx#Feedback0http://blog.csdn.net/kendiv/comments/commentRss/377308.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=377308讨论微软的.pdb和.dbg符号文件的内部格式,并给出了可解析这两种格式的示例程序。<img src ="http://blog.csdn.net/kendiv/aggbug/377308.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第一章(补充:PDB格式)(1)http://blog.csdn.net/kendiv/archive/2005/05/21/377307.aspxSat, 21 May 2005 04:37:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/21/377307.aspxhttp://blog.csdn.net/kendiv/comments/377307.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/21/377307.aspx#Feedback5http://blog.csdn.net/kendiv/comments/commentRss/377307.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=377307讨论微软的.pdb和.dbg符号文件的内部格式,并给出了可解析这两种格式的示例程序。<img src ="http://blog.csdn.net/kendiv/aggbug/377307.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第七章(1)http://blog.csdn.net/kendiv/archive/2005/05/20/377229.aspxFri, 20 May 2005 23:37:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/20/377229.aspxhttp://blog.csdn.net/kendiv/comments/377229.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/20/377229.aspx#Feedback1http://blog.csdn.net/kendiv/comments/commentRss/377229.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=377229Windows 2000的对象管理<img src ="http://blog.csdn.net/kendiv/aggbug/377229.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第六章(7)http://blog.csdn.net/kendiv/archive/2005/05/15/374929.aspxSun, 15 May 2005 02:29:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/15/374929.aspxhttp://blog.csdn.net/kendiv/comments/374929.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/15/374929.aspx#Feedback1http://blog.csdn.net/kendiv/comments/commentRss/374929.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=374929在用户模式下调用内核API函数 <img src ="http://blog.csdn.net/kendiv/aggbug/374929.aspx" width = "1" height = "1" />Kendiv《Undocumented Windows 2000 Secrets》翻译 --- 第六章(6)http://blog.csdn.net/kendiv/archive/2005/05/14/374707.aspxSat, 14 May 2005 20:04:00 GMThttp://blog.csdn.net/kendiv/archive/2005/05/14/374707.aspxhttp://blog.csdn.net/kendiv/comments/374707.aspxhttp://blog.csdn.net/kendiv/archive/2005/05/14/374707.aspx#Feedback1http://blog.csdn.net/kendiv/comments/commentRss/374707.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=374707在用户模式下调用内核API函数<img src ="http://blog.csdn.net/kendiv/aggbug/374707.aspx" width = "1" height = "1" />